About Deloitte Insights

Deloitte’s Insights for CFOs provides financial executives a customized resource to help them address the strategic, operational and regulatory issues they face in managing their finance organizations and careers, with top-line digests, research, perspectives and technical analyses.

The 8-Character Password Is No Longer Secure

A mixed-case password that is eight characters long and contains a numeral and a symbol has long been considered strong, even by many IT departments. After all, it is one of 6.1 quadrillion combinations, and would take a reasonably fast computer nearly a year to crack.

That password, however, is no longer secure enough, thanks to human behavior and technology. Rather, longer passwords and multifactor authentication can provide more security for users, as Paul Lee and Duncan Stewart, both directors with Deloitte Research, explain in this video looking at trends in the Technology, Media and Telecommunications (TMT) industry.

For starters, humans struggle to retain more than seven numbers in short-term memory.¹ Adding letters, cases and symbols makes remembering that much more difficult. As a result, humans tend to select words and names that have some personal meaning; they begin passwords with an uppercase letter and end them with whatever numerals and symbols are required. Therefore, it’s no surprise that, in a recent study of 6 million actual user-generated passwords, the 10,000 most common passwords would have accessed 98.1% of all accounts.² The prevalence of common passwords makes it even easier for hackers to crack passwords.

Even more worrisome than non-random passwords is password re-use. The average user has 26 password-protected accounts, but only five passwords.³

Advances in technology are further aiding would-be hackers. A computer loaded with the latest virtualization software and high-powered graphics cards can now crack an eight-character password in 5.5 hours.⁴ That is why the days of the secure eight-character password are numbered.
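
The two points above, the predictable shape of human-chosen passwords and the 5.5-hour figure for an eight-character search, can be turned into a screening check for a password-change form. This is an added example, not part of the original article; the denylist entries, the 12-character minimum and all function names are assumptions made for illustration.

```python
import re
import string

ALPHABET = len(string.ascii_letters + string.digits + string.punctuation)  # 94

# Constructed stand-in for a real common-password denylist (assumption).
COMMON_BASES = {"password", "welcome", "summer", "dragon", "monkey"}

# Shape the article describes: capital first, a word, then digits/symbols.
HUMAN_SHAPE = re.compile(r"^[A-Z][a-z]+[^A-Za-z]+$")

def keyspace(length, alphabet=ALPHABET):
    """Number of candidate strings of exactly `length` characters."""
    return alphabet ** length

def hours_to_exhaust(length, guesses_per_second):
    """Worst-case hours to try every candidate of the given length."""
    return keyspace(length) / guesses_per_second / 3600

def implied_rate(length, hours):
    """Guess rate implied by exhausting a keyspace in `hours`."""
    return keyspace(length) / (hours * 3600)

def meets_classic_rule(pw):
    """The 8-character, mixed-case, numeral-plus-symbol rule."""
    return (len(pw) >= 8
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def screen(pw, min_length=12):
    """Return findings for a candidate password; an empty list means accept."""
    findings = []
    if len(pw) < min_length:  # min_length is an assumed policy value
        findings.append("too_short")
    if HUMAN_SHAPE.match(pw):
        findings.append("predictable_shape")
    base = re.sub(r"[^a-z]", "", pw.lower())  # strip digits and symbols
    if base in COMMON_BASES:
        findings.append("common_base_word")
    return findings

if __name__ == "__main__":
    rate = implied_rate(8, 5.5)  # rate implied by the article's 5.5 hours
    for n in (8, 10, 12):
        print(n, "chars:", f"{hours_to_exhaust(n, rate):,.0f} hours")
    print(screen("Summer1!"), screen("tidal-cobalt-92-Orchard"))
```

A password such as `Summer1!` passes the classic complexity rule yet trips all three findings, while each added character multiplies the exhaustive-search time by 94.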